Cryptographic Attacks and Network Security Controls Quiz

Questions and Answers

What is the most significant direct impact of the vulnerability discovered by Wendy on her network?

• Attackers may eavesdrop on network communications.
• Automated attacks are more likely to succeed.
• Attackers may use this information to gain administrative privileges. (correct)
• Encryption will not protect credentials for this account.

Which technique is the most effective way to carry out a domain hijacking attack?

• Network eavesdropping
• ARP poisoning
• DNS poisoning (correct)
• Social engineering

Which character is the most important to restrict when performing input validation to protect against XSS attacks?

• $
• < (correct)
• !
• '

Darren visited a phishing site designed to look like a legitimate banking site after typing the bank's URL. What type of attack is likely taking place?

DNS poisoning (A)

Which technology must be enabled on a wireless network for a Pixie Dust attack to succeed?

WPS (C)

What type of attack is most productive when a website requires complex passwords?

Online brute force (A)

What type of attack likely occurred when Vivian noticed millions of connection attempts from systems around the world that were never completed?

DDoS (A)

Which attack against Bluetooth technology allows the attacker to steal information from the device?

Bluesnarfing (A)

What is the most dangerous consequence of a buffer overflow attack?

Arbitrary command execution (B)

Which of the following would not be considered an OSINT tool?

Vulnerability scans (B)

What cryptographic attack may be used to find collisions in a hash function?

Birthday attack (D)

Which is not a likely consequence of system sprawl?

Improper input validation (D)

Which control would best protect Bob's service from an attack by Mal?

Adding TLS encryption (D)

What is the primary issue that Charlie needs to address regarding the Windows XP systems?

Obsolete operating system (D)

What type of attack is most likely taking place when an end user trying to visit a banking website sees an error message?

Man-in-the-middle (B)

During a security review, Terry identified a system using the RC4 cipher with a 40-bit key to protect communications over Remote Desktop Protocol. What weakness does this pose?

Low encryption strength (A)

What distinguishes a Birthday attack from other cryptographic attacks?

Specifically targets hash functions (B)

What should Val do regarding the self-signed certificates?

Conduct a risk assessment to determine appropriateness (A)

What does the MX record identify?

Mail server for a domain (C)

How should Gina address the vulnerabilities related to port 3389?

Upgrade encryption on the network port (B)

What type of attack is indicated in scenario 30.D?

Phishing attack (D)

What is the purpose of SOA records in DNS?

Provide information about authoritative servers for a DNS zone (A)

What action is recommended for certificates used by external users?

Conduct a risk assessment before deciding (D)

Which feature is typically not supported by mobile device management solutions?

Carrier unlocking (A)

In a round-robin load balancing scenario, which server will receive the next request after Server A?

Server B (C)

What command-line utility can Ben use to identify active network connections and services listening on a Linux system?

netstat (D)

How did the system receive the IP address shown in the ipconfig output?

DHCP (C)

What type of VPN is Tim planning to deploy based on the high-level diagram provided?

Site-to-site VPN (C)

To protect the password file for his service, what can Vince do?

Encrypt the password file (C)